67ab409aa9442b23c6d195addce6a32f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

67ab409aa9442b23c6d195addce6a32f_JaffaCakes118
Size

179KB
MD5

67ab409aa9442b23c6d195addce6a32f
SHA1

23eff0def6c978b7efbd084abbd5dbe32fa1dda7
SHA256

9c2681c46779c0d4307c3159b14254c36de443fda1d9b13d8149de8260b81a77
SHA512

5acd82807dd052d3e389a51d8f2e3393ea6eb153ba7adbf5868c3a3db67a890c5f382ddfbeaf1eb1ff5470308e34fe259b0319b3bf6459864711a4d7c66c512d
SSDEEP

3072:vaXitKNtmlphxLDTMcbHjqgm3BS8DVMByXBvVZ1A:yXi8/gp3TPDrm3BpLRva

Score

1^/10

Malware Config

Signatures

Files

67ab409aa9442b23c6d195addce6a32f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6a65381a06775ee3f021722f2d33f9ed

Code Sign

4a:1b:6a:a1:29:f5:77:4d:bb:1b:5c:26:24:3c:84:35
Certificate

Issuer

CN=OINBCJUN

Not Before

12/03/2019, 09:54

Not After

31/12/2039, 23:59

Subject

CN=OINBCJUN

Extended Key Usages

ExtKeyUsageCodeSigning

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

01:b4:34:6f:a1:2a:37:11:2d:be:1f:e8:d7:7e:5e:80:4a:fd:46:cb:a1:7e:aa:58:12:6f:34:4e:21:6e:09:8f
Signer

Actual PE Digest

01:b4:34:6f:a1:2a:37:11:2d:be:1f:e8:d7:7e:5e:80:4a:fd:46:cb:a1:7e:aa:58:12:6f:34:4e:21:6e:09:8f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
ExitProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleAliasA
GetConsoleCP
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatA
GetDriveTypeA
GetEnvironmentStringsW
GetFileAttributesExA
GetFileType
GetLastError
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetTimeFormatW
Heap32ListFirst
HeapAlloc
HeapFree
HeapReAlloc
EncodePointer
InitializeCriticalSectionAndSpinCount
InitializeSListHead
IsBadCodePtr
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
LoadLibraryW
LocalFileTimeToFileTime
LocalFree
MultiByteToWideChar
OpenEventW
OpenThread
OpenWaitableTimerW
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ReadConsoleA
ReadFileScatter
ResumeThread
RtlUnwind
SetConsoleCtrlHandler
SetFileAttributesA
SetFilePointer
SetFilePointerEx
SetFileTime
SetLastError
SetLocaleInfoA
SetStdHandle
SetSystemTimeAdjustment
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WaitForSingleObject
WideCharToMultiByte
WriteConsoleW
WriteFile
_lread
DosDateTimeToFileTime
DeleteCriticalSection
DecodePointer
CreateTimerQueueTimer
CreateProcessW
CreateHardLinkA
CreateFileW
CreateFileA
CloseHandle
AssignProcessToJobObject
GetModuleHandleA
HeapSize
VirtualAlloc

user32

GetMessagePos
GetTopWindow
CharNextExA
CreateDialogParamA
CreateIconFromResource
DdeCreateStringHandleA
DestroyWindow
DispatchMessageA
EnableMenuItem
FlashWindow
GetDCEx
GetMessageTime
GetSystemMenu
TranslateAccelerator
SendDlgItemMessageA
PeekMessageA
InvalidateRgn

gdi32

GetMetaRgn
Escape
BitBlt
RectVisible
PolyPolygon
CreateHalftonePalette
DeleteObject

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
SHFreeNameMappings
SHGetDataFromIDListW
SHGetDiskFreeSpaceExW
SHGetFileInfoA
CommandLineToArgvW
DragQueryFile
DragQueryFileA
DragQueryFileAorW
DuplicateIcon
ExtractAssociatedIconExA
ExtractAssociatedIconExW
ExtractAssociatedIconW
ExtractIconEx
ExtractIconExA
ExtractIconExW
SHAppBarMessage
Shell_NotifyIconA
Shell_NotifyIcon
ShellExecuteW
ShellExecuteExA
ShellExecuteA
SHQueryRecycleBinW
SHPathPrepareForWriteW
SHLoadInProc
SHGetFileInfoW
SHGetPathFromIDListW
SHCreateDirectoryExA

shlwapi

StrCmpNIA
StrRChrIA
StrStrIA
StrCmpNA

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a65381a06775ee3f021722f2d33f9ed

Code Sign

4a:1b:6a:a1:29:f5:77:4d:bb:1b:5c:26:24:3c:84:35Certificate

Extended Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

01:b4:34:6f:a1:2a:37:11:2d:be:1f:e8:d7:7e:5e:80:4a:fd:46:cb:a1:7e:aa:58:12:6f:34:4e:21:6e:09:8fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 26KB - Virtual size: 25KB

.data Size: 23KB - Virtual size: 22KB

.rsrc Size: 7KB - Virtual size: 6KB

4a:1b:6a:a1:29:f5:77:4d:bb:1b:5c:26:24:3c:84:35
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

01:b4:34:6f:a1:2a:37:11:2d:be:1f:e8:d7:7e:5e:80:4a:fd:46:cb:a1:7e:aa:58:12:6f:34:4e:21:6e:09:8f
Signer

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 26KB - Virtual size: 25KB

.data
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 7KB - Virtual size: 6KB